TPM Settings
06RH-25Y
When the TPM setting is activated, the encryption key (TPM key) that encrypts confidential information stored in the machine, such as the password, the public key pair for SSL communication, and the user certificate, is stored safely in the TPM chip. This helps prevent important information on the machine from leaking. If the TPM key has also been backed up to USB memory, you can recover the system after a TPM chip failure by restoring the TPM key.
IMPORTANT
Before the TPM setting is activated, the System Manager must check that the default settings of the System Manager ID and System PIN (System Manager Settings) have been changed. If the default System Manager ID and System PIN are not changed, a user other than the administrator can perform the backup and take the TPM backup key. Since the TPM key can only be backed up once, you would then be unable to restore the TPM key.
Back up the TPM key to the USB memory immediately after the TPM setting is activated.
For security reasons, you can only back up the TPM key once. Store the USB memory with the backup data in a safe place. Also, write down the password set when backing up and keep it in a safe place.
The security provided by TPM does not guarantee complete protection of the data and hardware. Note that Canon will not be liable for any failure or damages resulting from the use of this mode.
Insert the USB memory straight into the USB port. If the USB memory is inserted at an angle, or if you insert a USB memory type that is not compliant with the USB standard, the USB port may be damaged.
Do not remove the USB memory while backing up or restoring data. Doing so may damage the USB memory, the USB port, or the data on the USB memory. Also, if the USB memory is removed during restoring, the machine may be damaged.
To use the USB memory, press [Preferences] (Settings/Registration) → [External Interface] → [USB Settings] → [Off] for <Use MEAP Driver for External USB Device>.

Setting TPM
This section explains how to activate the TPM setting.
1. Press (Settings/Registration).
2. Press [Management Settings] → [Data Management] → [TPM Settings].
3. Press [Yes].
NOTE
If the TPM setting is activated, it may take longer to start the machine.
Backing Up the TPM Key
If the TPM setting is activated and the TPM chip fails, you cannot recover the confidential information, since each type of confidential information is uniquely encrypted with the TPM key. Therefore, back up the TPM key immediately after the TPM setting is activated.
Use commercially available USB memory for the backup.
1. Press (Settings/Registration).
2. Press [Management Settings] → [Data Management] → [TPM Settings].
3. Press [Back Up TPM Key].
4. Press [Password].
5. Enter the password → press [OK].
6. On the Confirm screen, enter the same password to confirm it → press [OK] → [OK].
7. Connect the USB memory to the machine → press [OK].
If the error screen appears, follow the instructions on the screen and back up again.
IMPORTANT
Before backing up, make sure that writing is allowed for the memory media connected to the machine.
Do not connect any other memory media.
Restoring the TPM Key
If the TPM chip fails, you can use the previously backed-up TPM key data to restore the TPM key onto the new TPM chip. For information on TPM chip failure, contact your local authorized Canon dealer.
1. Press (Settings/Registration).
2. Press [Management Settings] → [Data Management] → [TPM Settings].
3. Press [Restore TPM Key].
4. Press [Password].
5. Enter the password you specified when backing up → press [OK] → [OK].
6. Connect the USB memory to the machine → press [OK].
If the error screen appears, follow the instructions on the screen and back up again.
IMPORTANT
Before restoring, make sure that the memory media you used for backing up is connected to the machine.
Do not connect any other memory media.
7. Press [OK] → restart the system.

IMPORTANT
Restoring the TPM key recovers access to the HDD/SRAM that became inaccessible due to TPM chip failure; it does not recover the HDD/SRAM itself.
If initialization is performed following the steps for "Initializing All Data/Settings," all of the data encrypted by the TPM key is completely erased and the TPM setting becomes inactive.
For the backup of the TPM key, it is recommended that you use a USB memory with free space of 10 MB or more.
You can use commercially available USB memory.
The FAT32 file system is supported for USB memory.
The following USB memory types and usages are not supported:
USB memory with a security function or a memory card reader that connects via USB
Using the USB memory with an extension cable
Using the USB memory via a USB hub
USB memory not compliant with the USB standard
Depending on the USB memory you are using, you may not be able to use it properly.
While you are using USB memory, the machine cannot enter the Sleep mode. Also, the Auto Sleep Weekly Timer settings are ignored.
You cannot access the machine while data is being backed up to or restored from the USB memory.
The data on the machine is encrypted before it is backed up to the USB memory. You cannot manage or browse the backed-up data on a computer.
You cannot back up the TPM key in the following cases:
USB memory is write protected
USB memory is not connected
More than one USB memory is connected
Not enough free space in the connected USB memory
TPM key does not exist on the machine
You cannot restore the TPM key in the following cases:
USB memory is not connected
More than one USB memory is connected
A TPM key does not exist on the USB memory
The TPM key on the USB memory is not correct
NOTE
The setting is effective only after you restart the machine (the main power switch is turned OFF, and then back ON). For instructions on restarting the machine (turning the main power switch OFF, and then ON), see "Main Power and Energy Saver Key."